CTF

Question

CTF

MrSud0 opened this issue 4 years ago · 7 comments

Hello,
Do you have any guidelines on how to setup the CTF scenario from https://www.jaist.ac.jp/misc/crond/achievements-en.html?
I am trying but without success.
Thanks,
Iason

Answer 1 · 2021-03-05T05:06:16.000Z

Hi,

The ctf-1.1.tgz archive contains a README.md file with setup instructions:

First you need to install CyTrONE and the related modules; if you haven't done this already, please follow the instructions on the CyTrONE GitHub page.
Next you need to install the CTF training content in CyTrONE; the procedure for this is described in the section "Setup" of the README.md file mentioned above.
If you still have issues please provide more details about the kind of troubles you encounter.

Best wishes,
Razvan

Answer 2 · 2021-03-08T12:49:48.000Z

Hi,
thank you for your response.
I have installed and configured the sub components (Cyris, Cylms, Cyprom) and I checked that they work by running them individually as described in their .docs.
I have install and configured Cytrone and i can start and create a session with the given examples incl. NIST-1. I can then navigate to the :8081 and interact with the training material. The instantiation of the scenario was completed with no errors.

Now I wish to run the ctf-1.1 scenario, I followed the readme but I dont know how to deal with 'Update the Cytrone training database ...." . I have updated the training-en.yml with the values from the ctf/training-en.yml.ctf see below for my final training-en.yml. Now, I try to run the create_session script but I am presented with the same options as previously. Upon investigating the create_session script i see that these options are hard-coded.

So my question is basically this, do I need to change something on that script to include the new training content? or did i miss something?
Thank you,
Iason

---
# Description of the types of training available in the database
- types:
  - name: Scenario-Based Training
    category: scenarios
  - name: Topic-Based Training [N/A]
    category: topics

# Description of the scenarios available in the training database
- scenarios:

  # Content inspired by the U.S. NIST "Technical Guide to Information
  # Security Testing and Assessment"
  - name: Information Security Testing and Assessment
    levels:
      - name: Level 1
        content: NIST-level1-content-en.yml
        range: NIST-level1-range.yml
      - name: Level 2 [N/A]
  - name: CTF-style content
    levels:
      - name: Binary
        content: ctf/binary/binary-content-en.yml
        specification: ctf/binary/binary-range.yml
      - name: Cryptography
        content: ctf/crypto/crypto-content-en.yml
        specification: ctf/crypto/crypto-range.yml
      - name: Network
        content: ctf/network/network-content-en.yml
        specification: ctf/network/network-range.yml
      - name: Operating System
        content: ctf/os/os-content-en.yml
        specification: ctf/os/os-range.yml
      - name: Web
        content: ctf/web/web-content-en.yml
        specification: ctf/web/web-range.yml

Answer 3 · 2021-03-10T01:57:01.000Z

Hi,
I am glad to hear that you are able to use the CyTrONE framework without issues. As for adding the new CTF training content, you are right: in addition to updating the database as you mentioned, you need to update the create_training.sh script to take into account the new content.
Alternatively, you can also try to install and use the web UI we provide, which queries CyTrONE's database, so it should show the up-to-date content:
https://github.com/crond-jaist/cytrone-ui-web
I hope everything will run smoothly for you now, so please enjoy the training.
Best wishes,
Razvan

Answer 4 · 2021-03-18T11:26:58.000Z

Hi,
Thank you for your help, I managed to install the CTF scenario but I face a different problem. The range is instantiated and i can ssh to the guest machines, but I don't have VNC access from the browser.
On the example scenario 'Activity#1: Example questions' there is a yellow button 'ACCESS CYBER RANGE, but on the scenario 'network ctf' (i have tried also the nist-1, cryptografy etc.) it doesn't appear.
Do you have any insight for that?
Thanks,
Iason

Answer 5 · 2021-03-18T11:39:18.000Z

Hi again,
I managed to get the button to appear, but when I click it I get redirected to :3000/access_range2.html which doesn't work.
Do you know what may be causing this?
Thanks,
Iason

Answer 6 · 2021-03-22T07:04:21.000Z

Hi,
From your explanation it is not clear whether VNC access via the browser ever worked for you or not. If it never worked, there may be some configuration issues, so you should check the related instructions, mainly in the CyLMS user guide.
If it worked before but doesn't work anymore, there may be some incorrect parameters left in your system, for instance due to failed cyber range creations and such. In this case I suggest you end any ongoing training activities and reboot your machine, then make sure CyTrONE shows no running sessions. After you do all this, you should try again to create a CTF activity.
As another suggestion, you could also try to use a VNC viewer program to connect directly to the VM associated to a training activity (the "virsh vncdisplay" command needs to be used to give you the correct VNC port number).
I hope this helps.
Best wishes,
Razvan

Answer 7 · 2021-07-25T23:33:37.000Z

Closed since the reporter did not do any follow-up for more than 4 months.